Commit bd3fc8133b ("ShellPkg/App: Fix memory leak and save resources.",
2016-05-20) added a FreePool() call for Split->SplitStdIn, near end of the
RunSplitCommand(), right after the same shell file was closed with
CloseFile(). The argument was:
> 1) RunSplitCommand() allocates the initial SplitStdOut via
> CreateFileInterfaceMem(). Free SplitStdIn after the swap to fix
> the memory leak.
There is no memory leak actually, and the FreePool() call in question
constitutes a double-free:
(a) This is how the handle is established:
ConvertEfiFileProtocolToShellHandle (
CreateFileInterfaceMem (Unicode),
NULL
);
CreateFileInterfaceMem() allocates an EFI_FILE_PROTOCOL_MEM object and
populates it fully. ConvertEfiFileProtocolToShellHandle() allocates
some administrative structures and links the EFI_FILE_PROTOCOL_MEM
object into "mFileHandleList".
(b) EFI_SHELL_PROTOCOL.CloseFile() is required to close the
SHELL_FILE_HANDLE and to release all associated data. Accordingly,
near the end of RunSplitCommand(), we have:
EfiShellClose()
ShellFileHandleRemove()
//
// undoes the effects of ConvertEfiFileProtocolToShellHandle()
//
ConvertShellHandleToEfiFileProtocol()
//
// note that this does not adjust the pointer value; it's a pure
// type cast
//
FileHandleClose()
FileInterfaceMemClose()
//
// tears down EFI_FILE_PROTOCOL_MEM completely, undoing the
// effects of CreateFileInterfaceMem ()
//
The FreePool() call added by bd3fc8133b conflicts with
SHELL_FREE_NON_NULL(This);
in FileInterfaceMemClose(), so remove it.
This error can be reproduced for example with:
> Shell> map | more
> 'more' is not recognized as an internal or external command, operable
> program, or script file.
which triggers:
> ASSERT MdeModulePkg/Core/Dxe/Mem/Pool.c(624): CR has Bad Signature
with the following stack dump:
> #0 0x000000007f6dc094 in CpuDeadLoop () at
> MdePkg/Library/BaseLib/CpuDeadLoop.c:37
> #1 0x000000007f6dd1b4 in DebugAssert (FileName=0x7f6ed9f0
> "MdeModulePkg/Core/Dxe/Mem/Pool.c", LineNumber=624,
> Description=0x7f6ed9d8 "CR has Bad Signature") at
> OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c:153
> #2 0x000000007f6d075d in CoreFreePoolI (Buffer=0x7e232c98,
> PoolType=0x7f6bc1c4) at MdeModulePkg/Core/Dxe/Mem/Pool.c:624
> #3 0x000000007f6d060e in CoreInternalFreePool (Buffer=0x7e232c98,
> PoolType=0x7f6bc1c4) at MdeModulePkg/Core/Dxe/Mem/Pool.c:529
> #4 0x000000007f6d0648 in CoreFreePool (Buffer=0x7e232c98) at
> MdeModulePkg/Core/Dxe/Mem/Pool.c:552
> #5 0x000000007d49fbf8 in FreePool (Buffer=0x7e232c98) at
> MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c:818
> #6 0x000000007d4875c3 in RunSplitCommand (CmdLine=0x7d898398,
> StdIn=0x0, StdOut=0x0) at ShellPkg/Application/Shell/Shell.c:1813
> #7 0x000000007d487d59 in ProcessNewSplitCommandLine
> (CmdLine=0x7d898398) at ShellPkg/Application/Shell/Shell.c:2121
> #8 0x000000007d488937 in RunShellCommand (CmdLine=0x7e233018,
> CommandStatus=0x0) at ShellPkg/Application/Shell/Shell.c:2670
> #9 0x000000007d488b0b in RunCommand (CmdLine=0x7e233018) at
> ShellPkg/Application/Shell/Shell.c:2732
> #10 0x000000007d4867c8 in DoShellPrompt () at
> ShellPkg/Application/Shell/Shell.c:1349
> #11 0x000000007d48524d in UefiMain (ImageHandle=0x7e24c898,
> SystemTable=0x7f5b6018) at ShellPkg/Application/Shell/Shell.c:631
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Marvin Häuser <Marvin.Haeuser@outlook.com>
Cc: Qiu Shumin <shumin.qiu@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Fixes: bd3fc8133b
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Marvin Häuser <Marvin.Haeuser@outlook.com>
The "SPLIT_LIST.SplitStdOut" and "SPLIT_LIST.SplitStdIn" members currently
have type (SHELL_FILE_HANDLE *). This is wrong; SHELL_FILE_HANDLE is
already a pointer, there's no need to store a pointer to a pointer.
The error is obvious if we check where and how these members are used:
- In the RunSplitCommand() function, these members are used (populated)
extensively; this function has to be updated in sync.
ConvertEfiFileProtocolToShellHandle() already returns the temporary
memory file created with CreateFileInterfaceMem() as SHELL_FILE_HANDLE,
not as (SHELL_FILE_HANDLE *).
- In particular, the ConvertShellHandleToEfiFileProtocol() calls need to
be dropped as well in RunSplitCommand(), since
EFI_SHELL_PROTOCOL.SetFilePosition() and EFI_SHELL_PROTOCOL.CloseFile()
take SHELL_FILE_HANDLE parameters, not (EFI_FILE_PROTOCOL *).
Given that ConvertShellHandleToEfiFileProtocol() only performs a
type-cast (it does not adjust any pointer values), *and*
SHELL_FILE_HANDLE -- taken by EFI_SHELL_PROTOCOL member functions -- is
actually a typedef to (VOID *) -- see more on this later --, this
conversion error hasn't been caught by compilers.
- In the ProcessNewSplitCommandLine() function, RunSplitCommand() is
called either initially (passing in NULL / NULL; no update needed), or
recursively (passing in Split->SplitStdIn / Split->SplitStdOut; again no
update is necessary beyond the RunSplitCommand() modification above).
- In the UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr()
functions, said structure members are compared and assigned to
"EFI_SHELL_PARAMETERS_PROTOCOL.StdIn" and
"EFI_SHELL_PARAMETERS_PROTOCOL.StdOut", both of which have type
SHELL_FILE_HANDLE, *not* (SHELL_FILE_HANDLE *).
The compiler hasn't caught this error because of the fatally flawed type
definition of SHELL_FILE_HANDLE, namely
typedef VOID *SHELL_FILE_HANDLE;
Pointer-to-void silently converts to and from most other pointer types;
among them, pointer-to-pointer-to-void. That is also why no update is
necessary for UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr()
in this fix.
(
Generally speaking, using (VOID *) typedefs for opaque handles is a tragic
mistake in all of the UEFI-related specifications; this practice defeats
any type checking that compilers might help programmers with. The right
way to define an opaque handle is as follows:
//
// Introduce the incomplete structure type, and the derived pointer
// type, in both the specification and the public edk2 headers. Note
// that the derived pointer type itself is a complete type, and it can
// be used freely by client code.
//
typedef struct SHELL_FILE *SHELL_FILE_HANDLE;
//
// Complete the structure type in the edk2 internal C source files.
//
struct SHELL_FILE {
//
// list fields
//
};
This way the structure size and members remain hidden from client code,
but the C compiler can nonetheless catch any invalid conversions between
incompatible XXX_HANDLE types.
)
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Marvin Häuser <Marvin.Haeuser@outlook.com>
Cc: Qiu Shumin <shumin.qiu@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
When user doesn't press key to exit the timeout waiting in Shell,
and there is no startup.nsh, Shell exits with failure status.
aaf51f08ee introduced this bug.
The patch fixes this issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Chen A Chen <chen.a.chen@intel.com>
According to Shell spec 2.2 '-exit' invocation option is used to specify
that after running the command line when launched, the UEFI Shell must
immediately exit.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=332
When the ShellLib ShellExecute() API or the Shell
Protocol Execute() API are used to execute a
command, the arguments are parsed to produce the
Argc/Argv list in the Shell Parameters Protocol and
double quotes are removed from arguments that are
surrounded by double quotes. This is the required
behavior of the Shell Parameters Protocol.
The ProcessCommandLine() function in the shell
implementation uses the Argc/Argv list from the
Shell Parameters Protocol to assemble a new command
line, but the double quotes that may have been
originally present for an argument are not preserved.
ProcessCommandLine() is updated to check if an
argument added to the generated command line
contains one or more white space characters, and
if it does, double quotes are added around the
argument.
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Ruiyu Ni <Ruiyu.ni@intel.com>
This reverts commit c0bcd3433f.
The above commit causes several regression of "echo" command:
1. Double quotes are not being stripped from the final text. UEFI Shell 2.2 section 3.4.5 chops out the quotes.
2. Output redirection is not working as expected. Text is being redirected, but the ‘> …’ text should not be.
3. Inconsistent special character handling. For example, comments with # seem to be parsed out correctly, but handing of ^ is incorrect.
In summary, ‘echo “You are ^#1” > t.txt’ results in the below content in t.txt:
“You are ^#1” > t.txt
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Tapan Shah <tapandshah@hpe.com>
Commit 9168df3dea
"ShellPkg/ShellProtocol.c: Handle memory allocation failure"
only keeps the protocol clean up in CleanUpShellProtocol() and
creates a new function CleanUpShellEnvironment() which calls
CleanUpShellProtocol(), then unregisters the hotkey callback.
But the commit forgot to change the Shell.c to call
CleanUpShellEnvironment() which causes the hotkey callback is
not unregistered while the callback function doesn't exist
when Shell exits.
This causes system hang when pressing CTRL+C after exiting shell.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
And add Shell prefix to the two library APIs.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
1) RunSplitCommand() allocates the initial SplitStdOut via
CreateFileInterfaceMem(). Free SplitStdIn after the swap to fix
the memory leak.
2) In RunSplitCommand(), SplitStdOut is checked for equality with
StdIn. This cannot happen due to the if-check within the swap.
Hence remove it.
3) UefiMain() doesn't free SplitList. Delete all list entries and
reinitialize the list when in DEBUG. This does not include the
CreateFileInterfaceMem()-allocated SplitStd mentioned in 1), so
keep the ASSERT() until resolved.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
The EFI_UNICODE_COLLATION_PROTOCOL can have two different GUIDs.
Look for both to support more UEFI implementations.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
the performance.
Currently UEFI Shell reads variable storage to get the environment
variables every time running a new command. And reading(writing)
UEFI variables is a high cost operation on most platforms. In order
to enhance the performance this patch read the variable storage once
and cache the environment variables in memory. Every further 'set'
command will save the variable not only to Shell cache, but also the
flash variable storage.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by:Ruiyu Ni <ruiyu.ni@intel.com>
This patch makes Shell support -nonesting invocation option. This option
specifies that EFI_SHELL_PROTOCOL.Execute API nesting of a new Shell
instance is optional and dependent on the 'nonesting' Shell environment
variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jim Dailey <Jim_Dailey@Dell.com>
When we run following script in Shell:
"
for %a run (1 200)
echo %a
memmap
endfor
"
We may find memory leak in system. This patch free buffer in 'BufferToFreeList' to avoid this issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19521 6f19259b-4bc3-4df7-8a09-765794883524
Add the PCD to PcdShellMaxHistoryCommandCount indicate the max count of history commands.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19520 6f19259b-4bc3-4df7-8a09-765794883524
Building the latest shell on RVCT exposed this warning:
ShellPkg\Application\Shell\Shell.c(1090,69): error #191-D: type qualifier is meaningless on cast type
The CONST in the cast was deemed meaningless. Removing the CONST fixed the warning.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cohen Eugene <eugene@hp.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18954 6f19259b-4bc3-4df7-8a09-765794883524
Per Shell SPEC 2.1 'Double-quotation marks that surround arguments are not stripped in positional parameters'. This patch makes Shell implementation to follow SPEC.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18742 6f19259b-4bc3-4df7-8a09-765794883524
1. Add a new function 'RunShellCommand' to return command status, thus 'EfiShellExecute' can get the command return status of 'CommandLine'.
2. Refine the code logic of 'EfiShellExecute' to make the new image of shell be loaded only if 'Environment' isn't NULL.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Signed-off-by: Jin Eric <eric.jin@intel.com>
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18664 6f19259b-4bc3-4df7-8a09-765794883524
Safe string functions may ASSERT when the source length is larger than the MaxDest. This patch use Strn**S to indicate the copy length.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Tapan Shah <<tapandshah@hp.com>>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17894 6f19259b-4bc3-4df7-8a09-765794883524
Some compilers (such as ARM toolchain) complain if there is
no new line at the end of a source file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17105 6f19259b-4bc3-4df7-8a09-765794883524
I will submit a new patch.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jaben Carsey <Jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16758 6f19259b-4bc3-4df7-8a09-765794883524
I will submit a new patch.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jaben Carsey <Jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16757 6f19259b-4bc3-4df7-8a09-765794883524
This patch update the code in function 'ContainsSplit', and make 'ContainsSplit' depend on 'FindNextInstance'. So we move 'FindNextInstance' in front of 'ContainsSplit'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jaben Carsey <Jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16560 6f19259b-4bc3-4df7-8a09-765794883524
This patch replaces StrCpy with StrnCpy or refactors out the usage of StrCpy through some other means.
This patch replaces StrCat with StrnCat or refactors out the usage of StrCat through some other means.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Erik Bjorge <erik.c.bjorge@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16038 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek
Ruiyu Ni
Dandan Bi
Chen A Chen
Michael Kinney
Marvin H?user
Jaben Carsey
Qiu Shumin
Cohen Eugene
Olivier Martin
Joe Peterson
Tapan Shah
Chris Phillips